UNT DOS 18 Aug, 2005
UNT has a single-login system set up via LDAP so, in theory, for any online university resource, you should only need to remember one password. This system works pretty well, except for one major defect which keeps manifesting itself on my account.
There’s a DOS situation: once a valid username is discovered
(not too difficult, /[a-z]{3}[0-9]{4}/ and the
Account Management site
validates it for you), you simply need to pretend to log in
as that user a couple of times in order for their account to
be locked. The password that user had may never be used
again.
I’ve had this happen to me no fewer than 20 times over the last six months, and I begin to wonder if someone else thinks their username is the same as mine, and keeps trying to log in. The biggest issue is that this happens outside working hours, and usually at times when I also want to check my account status, like right before the semester starts. It’s to the point where I’d like to request a username change, but as far as I know, this is not an option the university provides. They also don’t keep logs sufficient to show whether or not I’m indeed being harassed by someone.
Now if I really wanted to mess someone up, I’d rig up a little
one-liner to look up someone’s euid from either
ldap://id.unt.edu/ or http://info.unt.edu/
and attempt to log in to any number of places such as
http://ams.unt.edu/.
Too easy? It is.